mpg123: global buffer overflow in III_i_stereo (layer3.c) (CVE-2017-11126)
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the “block_type != 2” case, a similar issue to CVE-2017-9870.
Fixed In Version:
mpg123 1.25.2
References:
http://openwall.com/lists/oss-security/2017/07/10/3
https://nvd.nist.gov/vuln/detail/CVE-2017-11126
Patch:
(from redmine: issue id 7594, created on 2017-07-24, closed on 2017-08-08)
- Relations:
  - child #7595 (closed)
  - child #7596 (closed)
  - child #7597 (closed)
  - child #7598 (closed)